Ethical Hacking and Countermeasures
Question No: 381 – (Topic 14)
You are conducting a pen-test against a company’s website using SQL Injection techniques. You enter “anything or 1=1-” in the username field of an authentication form. This is the output returned from the server. What is the next step you should do?
Identify the user context of the web application by running: http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND USER_NAME() = ‘dbo’
Identify the database and table name by running: http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND ascii(lower(substring((SELECT TOP 1 name FROM sysobjects WHERE xtype=’U’),1))) > 109
Format the C: drive and delete the database by running: http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND xp_cmdshell ‘format c: /q /yes ‘; drop database myDB; –
Reboot the web server by running: http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND xp_cmdshell ‘iisreset -reboot’; –
Question No: 382 – (Topic 14)
Which of the following activities will not be considered passive footprinting?
Go through the rubbish to find out any information that might have been discarded
Search on a financial site such as Yahoo Financial to identify assets
Scan the range of IP address found in the target DNS database
Perform multiple queries using a search engine
Explanation: Scanning is not considered to be passive footprinting.
Question No: 383 – (Topic 14)
Bank of Timbuktu is a medium-sized, regional financial institution in Timbuktu. The bank has recently deployed a new Internet-accessible Web Application. Customers can access their account balances, transfer money between accounts, pay bills and conduct online financial business using a web browser.
John Stevens is in charge of information security at Bank of Timbuktu. After one month in production, several customers have complained about the Internet-enabled banking application. Strangely, the account balances of many of the bank’s customers had been changed! However, money hasn’t been removed from the bank; instead, money was transferred between accounts. Given this attack profile, John Stevens reviewed the Web Application’s logs and found the following entries.
What kind of attack did the Hacker attempt to carry out at the Bank?
Brute Force attack in which the Hacker attempted guessing login ID and password from password cracking tools
The Hacker used a generator module to pass results to the Web Server and exploited Web Application CGI vulnerability.
The Hacker first attempted logins with suspected user names, then used SQL injection to gain access to valid login IDs
The Hacker attempted Session Hijacking, in which the hacker opened an account with the bank, then logged in to receive a session ID, guessed the next ID and took over Jason’s session.
Explanation: Typing things like ‘ or 1=1 – in the login field is evidence of a hacker testing whether the system is vulnerable to SQL injection.
Question No: 384 – (Topic 14)
A particular database threat utilizes a SQL injection technique to penetrate a target system. How would an attacker use this technique to compromise a database?
An attacker uses poorly designed input validation routines to create or alter SQL commands to gain access to unintended data or execute commands of the database
An attacker submits user input that executes an operating system command to compromise a target system
An attacker gains control of a system to flood the target system with requests, preventing legitimate users from gaining access
An attacker utilizes an incorrect configuration that leads to access with higher-than-expected privilege of the database
Explanation: Using the poorly designed input validation to alter or steal data from a database is a SQL injection attack.
Question No: 385 – (Topic 14)
What is the problem with this ASP script (login.asp)?
Set objConn = CreateObject("ADODB.Connection")
objConn.Open Application("WebUsersConnection")
sSQL="SELECT * FROM Users where Username='" & Request("user") & _
"' and Password='" & Request("pwd") & "'"
Set RS = objConn.Execute(sSQL)
If RS.EOF then
Response.Redirect("login.asp?msg=Invalid Login")
Else
Session.Authorized = True
Set RS = nothing
Set objConn = nothing
Response.Redirect("mainpage.asp")
End If
The ASP script is vulnerable to XSS attack
The ASP script is vulnerable to SQL Injection attack
The ASP script is vulnerable to Session Splice attack
The ASP script is vulnerable to Cross Site Scripting attack
Question No: 386 – (Topic 14)
Bob has been hired to do a web application security test. Bob notices that the site is dynamic and infers that they must be making use of a database at the application back end. Bob wants to validate whether SQL Injection would be possible.
What is the first character that Bob should use to attempt breaking valid SQL requests?
Explanation: In SQL, single quotes are used around values in queries; by entering another single quote, Bob tests whether the application will submit a null value, probably returning an error.
Question No: 387 – (Topic 14)
Identify SQL injection attack from the HTTP requests shown below:
http://www.xsecurity.com/cgiin/bad.cgi?foo=…./bin/ls -al
C. http://www.myserver.com/search.asp?lname=smith’;update usertable set%20passwd=’hAx0r’;-
Explanation: The correct answer contains the code to alter the usertable in order to change the password for user smith to hAx0r.
Question No: 388 - (Topic 14)
When a malicious hacker identifies a target and wants to eventually compromise this target, what would be among the first steps that he would perform? (Choose the best answer)
Cover his tracks by eradicating the log files and audit trails.
Gain access to the remote computer in order to conceal the venue of attacks.
Perform a reconnaissance of the remote target for identification of venue of attacks.
Always begin with a scan in order to quickly identify venue of attacks.
Explanation: A hacker always starts with a preparatory phase (Reconnaissance) where he seeks to gather as much information as possible about the target of evaluation prior to launching an attack. The reconnaissance can be either passive or active (or both).
Question No: 389 - (Topic 14)
Look at the following SQL query.
SELECT * FROM product WHERE PCategory='computers' or 1=1-'
What will it return?
Select the best answer.
All computers and all 1's
All computers and everything else
Everything except computers
Answer: C
Explanation: The 1=1 tells the SQL database to return everything; a simplified statement would be SELECT * FROM product WHERE 1=1 (which will always be true for all columns). Thus, this query will return all computers and everything else. The or 1=1 is a common test to see if a web application is vulnerable to a SQL attack.
Question No: 390 - (Topic 14)
Jimmy, an attacker, knows that he can take advantage of poorly designed input validation routines to create or alter SQL commands to gain access to private data or execute commands in the database. What technique does Jimmy use to compromise a database?
Jimmy can submit user input that executes an operating system command to compromise a target system
Jimmy can utilize this particular database threat that is an SQL injection technique to penetrate a target system
Jimmy can utilize an incorrect configuration that leads to access with higher-than-expected privilege of the database
Jimmy can gain control of a system to flood the target system with requests, preventing legitimate users from gaining access
Explanation: SQL injection is a security vulnerability that occurs in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.